Skip to content

Instantly share code, notes, and snippets.

My1

Block or report user

Report or block My1

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gmail stylish.css
/*!
Written by My1 (github.com/My1, twitter.com/My1xT, blog.my1.tech
you can use, modify, share, etc. this little piece of code but please keep this comment. (basically a CC-BY)
*/
body, td, input, textarea, select { /* force fonts */
font-family: arial, sans-serif;
}
View keybase.md

Keybase proof

I hereby claim:

  • I am My1 on github.
  • I am my1 (https://keybase.io/my1) on keybase.
  • I have a public key whose fingerprint is 5BE1 825C 1ECD 3A6F 8222 956C 9A1B 0068 DA1C 4748

To claim this, I am signing this object:

@My1
My1 / gist:615843f53ff4fb6d2573
Created Mar 7, 2016
message about selfsigned certs
View gist:615843f53ff4fb6d2573
wait a sec I have to intervene. firefox just shows a warning page but when you trust the lock turns green and everything is ncie. chrome instead makes it red and slashes out the https.
the problem is really that users need to be aware of a possible false sense of security and I think that users shouldnt carelessly connect to a self signed cert (unless it is DANE'd)
while with unencrpyted the user sees "okay it's not encrypted, better be careful", but many people get a false sense of security from the lock (the reason why FF4-13 removed the lock, which was quite an intresting idea in my opinion.
I would maybe instead of crossing the lock, throw a question mark next to it (as in the fact that the real identity of the key is unknown)
throwing that intermediate page should maybe be a little bit more neutral, similar to ssh connection dialogs, but then SSHing people usually have a bit more knowledge than the average user.
You can’t perform that action at this time.